1. cat(1)ing /dev/urandom does not exploit any problems in an ssh client. Ssh is written well and the program will realize there is a problem on the TCP stream, describe the error and exit
2. My goal is to discourage punk hackers from attempting to crack my networks. In order to do this, I'm experimenting with variations of invalid TCP streams on TCP port 22.
3. I have no idea how people think this can hurt any network other than my own or any legitimate software product.
I have to admit I'm angry at your attempt to argue a null issue. Your network shouldn't be connecting to my networks but, in case it does, the worse that can happen is a stream of random data will pass to your machine over one socket from a single host resulting in bandwidth usage on the lines of downloading a file. I postulated the hacking tool is not written well.
Please lets forget about this thread because its going nowhere and once again, I apologize about all this spam.
Brian Micek
On Sat, 2005-11-05 at 16:41 -0500, Alec Warner wrote:
Brian Micek wrote: > I don't think you understand what I'm proposing. I am currently cat > (1)ing /dev/urandom on TCP port 22 in hopes to discourage hackers who > attempt to break into my system. Its beyond me how this is treading on > dangerous ground, what systems I'll endanger or what is morally wrong > with doing this. Brian Micek > > On Sat, 2005-11-05 at 15:19 -0500, William Yang wrote: > > >>agenci > > How is what are you planning to do any different from me hosting a website that attempts to exploit vulnerable web clients? Am I not responsible for hosting what could be considered hostile content? Are you responsible for damages to my machine if your /dev/urandom causes me undo downtime? You may think that this situation is different than the web example above, but in reality they are quite similar. You can't know with 100% certainty that the person requesting resources is a hacker and attempting to crash their client is what most would consider a hostile action. We all realise that there are people who do dumb crap like ssh scanning. However, I seriously doubt doing anything like this is going to help your situation; or hinder theirs. In the end you will waste bandwidth and cpu cycles and as the other poster mentioned, if they are smart enough to realize what is going on they can probably DoS your machine with it. Just keep your ports closed, or keep them open and monitor the activity. No need to go pissing the scanners off and give them a reason to spend more time on your systems anyway. -Alec Warner (Antarus)
signature.asc
Description: This is a digitally signed message part
